Sprint Planning Meeting 2022 02 02
Erik Moeller edited this page Feb 2, 2022
·
1 revision
- Land SecureDrop 2.2.0 prerequisites: Flask upgrade, "deleted" user changes, kernel upgrade
Status: Flask upgrade has landed; deleted user changes are looking good (Kev doing final review); kernels are undergoing testing
- Release SecureDrop Client 0.6.0 with deletion performance improvement
Status: QA underway for RC2, aiming for release Monday or Tuesday
- Implement experimental 4.1 support that allows SDW to be installed on both 4.0.4 and 4.1 Qubes versions (not necessarily "ready for review")
Status: Done, https://github.com/freedomofpress/securedrop-workstation/pull/751 has experimental 4.0/4.1 compatibility
Discussion re: 2.2.0 milestone:
- (Conor) Should we start package builds for metapackage and stick that on apt-test?
- (Kev) Can we do that testing as part of prepping RC1?
- (Conor) OK cool
- (Conor) Re: changes to HTTPS cert generation for onion services, happy to remain on the hook for docs generation, outside release schedule
What worked well:
- Lots of orientation, group discussion of key points. Knowledge transfer is good!+5
- Positive feedback loop of discuss, iterate, review, e.g. on Qubes 4.1 compat.
- Lots of ad-hoc pairing sessions which is helping with team cohesion+1+1
- Ongoing review of Download Conversation with Allie, great for alignemnt - now becoming time-efficient 🎉
- A few sessions with Erika, mostly on testing, great to share workflow tips
- security triage, nothing happened :)
- With more members on the team, we are able to have many projects ongoing at once, including internal security audits and code reviews +1
What can be improved:
- Manual build procedures remain a time sink. (Kunal, thank you for paying attention to where we can improve these things!)
- More on build procedures: it would be helpful to start using a branch strategy for workstation so that we don't have to stress about freezing
mainbranches - Need to coordinate the release scheduling with localization team (if we switch to continuous translation this may get smoothed out over time)
- My own estimations about whether JI and SI ought to have shared frontend resources ... in the short term: probaly not
- Still somewhat pulled in many directions (issues, SDW QA, upcoming SD QA, hiring, knowledge share)+2
What's still a puzzle:
- improving on the workflow for making + testing changes in different workstation vms (e.g. export/devices)+1
- many components are lacking consistent developer maintenance, so this is real!
- QA process around installing packages from apt-test and apt-qa needs to be documentated now that we are switching things up and formalizing it
- Cory off until February 14, then starting as employee
- Erik and Conor alternating 48+PTO / 410, always off Fridays
- Allie still on 3*10, Mo-Wed
- Gonzalo still on 3*8, Mo-Wed - likely to be off by the week after next - coordination in progress
- Ro still Mo-Thu, ~8-10 per day; Ro off 2022-02-17
- Giulio ~10-15 hours/week
2022-02-03 : SecureDrop Server 2.2.0 feature/string freeze (EOD)
~2022-02-07 : SecureDrop Client 0.6.0 Release
2022-02-08 : Tails 4.27
2022-02-10 : SecureDrop Server 2.2.0 pre-release announcement
2022-02-17 : SecureDrop Server 2.2.0 release
Vulnerabilities triage: Allie
- Release SecureDrop Client 0.6.0
Allie, Gonzalo, Ro working on release and QA Erik helping with QA
- Release SecureDrop 2.2.0
Conor may be able to help with test plan
QA on hardware:
Definitely:
- Kev (NUC10 and NUC11), 1U
- Ro upgrade testing on NUC7
- Conor on VMs
Optionally:
- (potentially) Allie on later RCs with NUC7, 8 or 10
- (potentially) Erik on Mac Minis
- (potentially) Michael on NUC10 and NUC11, pending hardware firewall